Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
> Am 19.05.2022 um 19:16 schrieb John Levine via mailop : > > It appears that Luis E. Muñoz via mailop said: >> If implemented, the proposal for email could work similarly, if the large >> ESPs took the same approach. This would only leave us with the >> "other" type of spam to deal with. I would think that a spamtrap included in >> the "do not spam" registry could be used to identify >> non-compliant senders and other classes of spammers. > > Although they rarely talk about it, every ESP has a suppression list they > apply to > their outgoing mail. Partly it's to avoid complaints, partly it's so if a > customer > tries to mail to suppressed addresses, they know they have a problem > customer. > > It's often called a pander file, by analogy to a US post office rule. > See my comment at the end of this blog post: > > https://wordtothewise.com/2016/09/global-suppression-lists/ > > Also remember that the legal rule nearly everywhere outside the US is opt-in > for bulk mail, > so everyone is on the "do not spam" list True and true, currently we maintain a "suppression list system" that drops about 56k unique rcpt domains, and about 35k individual email addresses. about 40-45% are hand selected and verified spamtraps, we track down and prevent sending ANY mails to them. Its hard daily work to identify and manage these lists, but otherwise it helps deliverability overall a lot and a warmup is way easier to do too. i would say only 1% - 2% of our clients are aware of this fact, for the others "it just works", but for daily smtp business as for me an absolute must. For example, a email marketing "green horn" joins to a client company, his first action was to destroy the previous guys all well warmed up adreeses with 10 IPs they had built years of reputation, all gone in under 20 minutes. with suppressions i simply have a way to recognize a bad behaviour way earlier, and can stop it before it makes damage. just think about uce-protect ;) Its also a good way to keep track of activity in the lists over all clients, eg when they sell or buy lists, some are reactivating all of their hardbounces etc etc. "Also remember that the legal rule nearly everywhere outside the US is opt-in for bulk mail, so everyone is on the "do not spam" list" exactly, and in my opinion the only way to go, as an ESP. > . > > R's, > John > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 19 May 2022, at 12:29, Dave Crocker via mailop wrote: > oh. gosh. we've been wrong about this. for 20 years. Would you care to enlighten me on how the DNC "technological requirements" differ from the hypothetical "DNE" list we have been discussing, and in particular, pertaining to the simplified use case I provided? With gratitude -lem ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/19/2022 7:57 AM, Luis E. Muñoz via mailop wrote: In this case, not really. oh. gosh. we've been wrong about this. for 20 years. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
Ahoj, Dňa 19 May 2022 13:16:13 -0400 John Levine via mailop napísal: > Also remember that the legal rule nearly everywhere outside the US is > opt-in for bulk mail, so everyone is on the "do not spam" list. Sure, it is more logical, even more intelligent. Consider when some smart head will introduce the "do not shoot me", list, then anyone not in the list can be legally shot? Including these, who do not know about that list? regards -- Slavko https://www.slavino.sk pgpoxGhY9R5u9.pgp Description: Digitálny podpis OpenPGP ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On Thu 19/May/2022 14:42:13 +0200 Dave Crocker wrote: On 5/19/2022 2:41 AM, Alessandro Vesely via mailop wrote: On Wed 18/May/2022 03:01:49 +0200 Dave Crocker via mailop wrote: Note that, in spite of DMARC, we still do not have per-user authentication. The FTC report required *domain-level* authentication. They wrote: ... They were assuming that the ISP would at least have true payment records, that would provide useful investigative leads, in case name and address were false. Since a 'do not email /ME/' requires resolution down to the individual user and this must happen as the mail is being formed or sent, the list or database query must be down to the resolution of the individual. Domain level is not sufficient. They said that under the ECPA the Commission can issue a Civil Investigative Demand to seek enough information about the individual. For authentication only at the domain level to be sufficient, it requires that the owner of the domain explicitly and reliably vet that all addresses in their domain are valid and that all requests for listing, for an address in that domain, be valid. Good luck with that. Well, except open relays and criminal spammers, domain owners do require some kind of identification before sending. Criminal spammers register their own domains. The uselessness of domain-level authentication arises from the fact that domain owners themselves, not their users, are not identifiable. Best Ale -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
It appears that Luis E. Muñoz via mailop said: >If implemented, the proposal for email could work similarly, if the large ESPs >took the same approach. This would only leave us with the >"other" type of spam to deal with. I would think that a spamtrap included in >the "do not spam" registry could be used to identify >non-compliant senders and other classes of spammers. Although they rarely talk about it, every ESP has a suppression list they apply to their outgoing mail. Partly it's to avoid complaints, partly it's so if a customer tries to mail to suppressed addresses, they know they have a problem customer. It's often called a pander file, by analogy to a US post office rule. See my comment at the end of this blog post: https://wordtothewise.com/2016/09/global-suppression-lists/ Also remember that the legal rule nearly everywhere outside the US is opt-in for bulk mail, so everyone is on the "do not spam" list. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
> On May 19, 2022, at 8:11 AM, Dave Crocker via mailop > wrote: > > As noted earlier in the thread, there are some actors who are not criminally > inclined. Ignorant and/or aggressive, but willing to follow the rules, or at > least mostly. So, for example, they properly identify themselves. And given > a sufficiently forceful requirement, they will grudgingly conform. A notable and well-known (in some circles at least) example being Harris Interactive (the Harris Poll), who, when listed on the RBL, after initially saber-rattling and even filing a lawsuit, withdrew the lawsuit and reached out to us (this is when I was in-house at MAPS) asking us/me to guide them in changing their ways, and doing it right. They became the poster child for 'going straight'. (We did press on this, so this is all public knowledge.) To this day I think of them in terms of how an otherwise 'legitimate' organization can be doing it horribly wrong, but then actually turn it around. (Contrast that to a certain well-known coffee purveyor with an affiliate program, of whom I also think to this day, but for very different reasons (they were actually who I had in mind when we wrote the vendor liability amendment to CAN-SPAM).) Hrrm...a 'Remember them?' notable spammers/reformed spammers thread could be fun, but probably too much bandwidth-munching for what is intended to be a useful list. :-) To put it back on track, I'd say that perhaps as many as 50% of companies that apply to ISIPP SuretyMail for certification and inclusion on the IADB Good Senders List are doing it wrong, but are also prepared to change their practices and follow the rules and do it right, but of course this is in part because they *know* they are having deliverability problems, which is why they came to us in the first place. (I'd also say that perhaps 10-15% of applications we get are doing it wrong, and *not* prepared to change once that is pointed out to them). There are those who don't know but care, those who don't know and don't care, and those who know and don't care. Anne -- Anne P. Mitchell, Attorney at Law CEO ISIPP SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of TrendMicro) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 19 May 2022, at 10:11, Dave Crocker via mailop wrote: > Telephone-level DNC is a different category of technological requirement. > Very different. In this case, not really. As implemented in practice, you have to run your list of phone numbers through a filter that will remove matching phones. Doesn't need to touch the actual phone network to implement. The reason it seems to work better is that technical providers for bulk dialing services take this seriously. They have incentives to do this—fines and scaremongering prospective clients into not doing it themselves. Also, let's not forget that it is national in scope and design. This, I agree, would make a substantial difference in the applicability. Still would not call it "technological requirement" though. If implemented, the proposal for email could work similarly, if the large ESPs took the same approach. This would only leave us with the "other" type of spam to deal with. I would think that a spamtrap included in the "do not spam" registry could be used to identify non-compliant senders and other classes of spammers. Best regards -lem ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/19/2022 6:58 AM, Luis E. Muñoz via mailop wrote: On 19 May 2022, at 9:41, Dave Crocker via mailop wrote: So, sure. We haven't been able to do individual-level blocking, so let's add a requirement for an additional bit of complexity. That will probably make this mechanism work a lot better... Heh, appreciate the humor. It certainly won't make it work worse. A reasonable view, I think, but it occurs to me that it could. Taking a narrow, precise requirement -- even one we don't know how to satisfy -- can be made harder to satisfy by confusing the heck out, where an additional requirement creates a distraction. This might move a "we don't know how to do it now, but might be able to figure it out" to a "we don't know how to do it now and almost certainly never will"... My point if you will, is that requirements are more complex than what's stated. The reason we won't get them fulfilled—simple or complex—is because there is no incentive for the bad guys to follow the rules. As noted earlier in the thread, there are some actors who are not criminally inclined. Ignorant and/or aggressive, but willing to follow the rules, or at least mostly. So, for example, they properly identify themselves. And given a sufficiently forceful requirement, they will grudgingly conform. The other view expressed in the thread was that such folk are not currently an interesting problem, but the criminally inclined are. (I think aggressive legitimate companies /do/ warrant some effort, but it needs to be reasonably limited and efficient effort. That's what we don't yet have.) IIRC, there is (was?) a "National Do Not Call List" implemented in the US at the federal level. Telemarketers and other organizations are required by law to scrub their own lists against this federal registry. This has not made a dent in the amount of spam calls that I get on my various lines. Telephone-level DNC is a different category of technological requirement. Very different. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 2022-05-19 at 09:58:37 UTC-0400 (Thu, 19 May 2022 09:58:37 -0400) Luis E. Muñoz via mailop is rumored to have said: IIRC, there is (was?) a "National Do Not Call List" implemented in the US at the federal level. Telemarketers and other organizations are required by law to scrub their own lists against this federal registry. This has not made a dent in the amount of spam calls that I get on my various lines. It has definitely changed the character of 'spam' calls. Before the d-n-c list, it was fairly common to get cold-called by essentially legitimate businesses. It has been years since I got one of those. This has relevance to email spam. As overall spam has declined over the past few years, criminal-grade spam has become a bigger slice of spam. It has gotten easier and safer to get a 99.9% catch rate over time. I.e. what the d-n-c list did for phone calls, spam-filtering has done for mail. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 19 May 2022, at 9:41, Dave Crocker via mailop wrote: > So, sure. We haven't been able to do individual-level blocking, so let's add > a requirement for an additional bit of complexity. That will probably make > this mechanism work a lot better... Heh, appreciate the humor. It certainly won't make it work worse. My point if you will, is that requirements are more complex than what's stated. The reason we won't get them fulfilled—simple or complex—is because there is no incentive for the bad guys to follow the rules. IIRC, there is (was?) a "National Do Not Call List" implemented in the US at the federal level. Telemarketers and other organizations are required by law to scrub their own lists against this federal registry. This has not made a dent in the amount of spam calls that I get on my various lines. The response / recommendation to establish this new registry, IMO, is simply a way to admit defeat with some grace. Best regards -lem ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/19/2022 6:30 AM, Luis E. Muñoz via mailop wrote: On 19 May 2022, at 8:42, Dave Crocker via mailop wrote: [⋯] Domain level is not sufficient. But is it though? A corporate providing email to its own users should certainly be able to express a policy that it does not want to allow any form of mailing list email to its users. My point was meant as "not sufficient for individual do not mail indication". But your response expresses a desire for an /additional/ feature, which is domain-level listing, along with individual level. So, sure. We haven't been able to do individual-level blocking, so let's add a requirement for an additional bit of complexity. That will probably make this mechanism work a lot better... d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 19 May 2022, at 8:42, Dave Crocker via mailop wrote: > [⋯] Domain level is not sufficient. But is it though? A corporate providing email to its own users should certainly be able to express a policy that it does not want to allow any form of mailing list email to its users. Best regards -lem ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 2022-05-19 05:41, Alessandro Vesely via mailop wrote: Couldn't the Do Not Email Registry also be domain-based?... It could. Rodney Joffe (if my memory serves me right), implemented that very thing and offered it up for domain owners to use. AOL and several other majors, including very large corporates (such as mine) jumped on it immediately. At which point it became clear it wouldn't do a thing. Nobody would use it because it'd cut them off from just about every recipient. Interestingly enough, that was Rodney's point from the beginning. It was fun while it lasted tho. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On Wed 18/May/2022 03:01:49 +0200 Dave Crocker via mailop wrote: On 5/17/2022 4:40 PM, Anne Mitchell via mailop wrote: "why we can't do that", culminating in "the Commission concludes that, under present conditions, a National Do Not Email Registry in any form would not have any beneficial impact on the spam problem. It is clear, based on spammers’ abilities to exploit the structure of the email system, that the development of a practical and effective means of authentication is a necessary tool to fight spam. Note that, in spite of DMARC, we still do not have per-user authentication. The FTC report required *domain-level* authentication. They wrote: Even though domain-level authentication cannot necessarily authenticate the particular person who sent an email, it does authenticate the domain from which the email originated. Law enforcement can then contact the domain to obtain information that could identify the individual sender of the email. They were assuming that the ISP would at least have true payment records, that would provide useful investigative leads, in case name and address were false. More importantly, IMO, mechanisms like this really only apply to legitimate businesses that might be a bit too aggressive. Their proposed solution was an email address registry used for scrubbing lists that legitimate business supplied in hashed form. That technique requires users to register all the possibly deliverable address+extension forms. Couldn't the Do Not Email Registry also be domain-based?... While it is possible it would mitigate some of their aggression, the bigger problem, IMO, are the folk who operate in a criminal style, ignoring rules. Or, conversely, the domains that still don't sign their email traffic. Best Ale -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/18/2022 11:01 AM, John R Levine wrote: but even though both are technically sound, nobody uses them outside of a few specialized communities which suggests that it's not going to happen. btw, neither does cert management in a way that has been shown to scale across the open, heterogeneous Internet. As such, calling either of them 'technically sound' is problematic. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/17/2022 8:44 PM, Luis E. Muñoz wrote: I wonder if this one ( ) Public reluctance to accept weird new forms of money should be complemented with a crypto version, to avoid triggering those that hate cryptos being compared with money? Indeed. In fact it seems clear to me that this is an example of a much-needed meta-template, for generating new checklists to cover each new hype-fest that appears. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/18/2022 11:01 AM, John R Levine wrote: Hm, your copy of the message appears to have been cut off. Here's the rest which you presumably missed: I didn't. Your opening echoed my language, in a form casting it as taking exception to it. I was noting that your choice for interpreting my language was different than intended -- or, IMO, appropriate -- for the context. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
Note that, in spite of DMARC, we still do not have per-user authentication. We have at least two flavors in PGP and S/MIME, When something exists for 30 years and has market penetration that cannot even rise to the level of being called 'meager'. /WE/ -- it, the Internet community -- does not have that thing. Hm, your copy of the message appears to have been cut off. Here's the rest which you presumably missed: but even though both are technically sound, nobody uses them outside of a few specialized communities which suggests that it's not going to happen. There is also the difference between "this mail is from b...@sludgemail.com" and "this mail is from Bob Smith whose current address is b...@sludgemail.com". The PGP web of trust is supposed to validate real names, but even among PGP users few pay attention to WOT. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/18/2022 10:32 AM, John Levine wrote: > It appears that Dave Crocker via mailop said: ... Note that, in spite of DMARC, we still do not have per-user >> authentication. We have at least two flavors in PGP and S/MIME, When something exists for 30 years and has market penetration that cannot even rise to the level of being called 'meager'. /WE/ -- it, the Internet community -- does not have that thing. The issue is pragmatics, not existence proofs. So while those two flavors exist and the code them often exists in many MUAs, neither of those flavors is of practical use to the general Internet. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
It appears that Dave Crocker via mailop said: > > >On 5/17/2022 4:40 PM, Anne Mitchell via mailop wrote: >> "why we can't do that", culminating in "the Commission concludes that, under >> present conditions, a National Do Not Email Registry in any form would not >> have any beneficial impact on the spam problem. It is clear, based on >> spammers’ >abilities to exploit the structure of the email system, that the development >of a practical and effective means of authentication is a necessary tool to >fight spam. > >Note that, in spite of DMARC, we still do not have per-user authentication. We have at least two flavors in PGP and S/MIME, but even though both are technically sound, nobody uses them outside of a few specialized communities which suggests that it's not going to happen. There is also the difference between "this mail is from b...@sludgemail.com" and "this mail is from Bob Smith whose current address is b...@sludgemail.com". The PGP web of trust is supposed to validate real names, but even among PGP users few pay attention to WOT. To return to the original issue, I don't get much spam from entities that care enough about being legitimate that they would use a do-no-spam list. Anyone who's going to buy a spam list either already has a complainers listwashing list or doesn't care. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
It appears that Luis E. Muñoz via mailop said: >On 17 May 2022, at 21:59, Dave Crocker via mailop wrote: > >> I keep enjoying that it has the style of satire, but is so well done is it >> /extremely/ useful for legitimate use. > >I wonder if this one > >( ) Public reluctance to accept weird new forms of money > >should be complemented with a crypto version, to avoid triggering those that >hate cryptos being compared with money? When Satoshi sent the first message about Bitcoin to the metzdowd crypto list in 2009, someone asked what it was good for, and he replied you could use it for e-postage. I replied no, you can't, and concluded that Bitcoin was useless. John Gilmore presciently said: The last thing we need is to deploy a system designed to burn all available cycles, consuming electricity and generating carbon dioxide, all over the Internet, in order to produce small amounts of bitbux to get emails or spams through. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
> On May 17, 2022, at 8:10 PM, Paul Vixie via mailop wrote: > > that was vernon schryver, and the list is still online, and vernon still adds > to it from time to time. rather than post the url itself, i'll post the > KARKIVE link from news.admin.net-abuse.email where it was first announced. 19 > years ago, yikes. > > https://news.admin.net-abuse.email.narkive.com/xDLfdr5u/you-might-be-an-anti-spam-kook-if Heh, I'll bet that you don't miss *at all* the 'good' old days when I'd pester you when the nntp server went down, eh? ;-) Anne ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 17 May 2022, at 21:59, Dave Crocker via mailop wrote: > I keep enjoying that it has the style of satire, but is so well done is it > /extremely/ useful for legitimate use. I wonder if this one ( ) Public reluctance to accept weird new forms of money should be complemented with a crypto version, to avoid triggering those that hate cryptos being compared with money? Best regards -lem ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
Dave Crocker via mailop wrote on 2022-05-17 18:01: ..., the bigger problem, IMO, are the folk who operate in a criminal style, ignoring rules. my view has always been that the people who don't know what the rules are, and the people who know what the rules are but see them broadly ignored, create the operating conditions that make solving for the "criminal style" impossible. as in politics, norms matter. i don't save or analyze or filter based on spam of the "criminal style" any more. my modern interest is spammers who don't know what they're doing is wrong, or think it can only be nominally and not actually wrong because huge volumes of spam are what they see, and this kind of cost-shifting seems profitable. (it's not in the broad sense; it's merely extractive, not creative, of value.) i'd much rather fight criminals whose behaviour is in no way normal. -- P Vixie ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
Justin Scott via mailop wrote on 2022-05-17 17:01: Ah, the Good Old Days(tm). I seem to recall a list of "reasons your anti-spam proposal won't work" someone would post every time someone came up with a new way to fight spam that included things like "It requires spammers to change their behavior" and "it involves a central authority or agency to approve emails" and stuff like that. ... that was vernon schryver, and the list is still online, and vernon still adds to it from time to time. rather than post the url itself, i'll post the KARKIVE link from news.admin.net-abuse.email where it was first announced. 19 years ago, yikes. https://news.admin.net-abuse.email.narkive.com/xDLfdr5u/you-might-be-an-anti-spam-kook-if -- P Vixie ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
On 5/17/2022 4:40 PM, Anne Mitchell via mailop wrote: "why we can't do that", culminating in "the Commission concludes that, under present conditions, a National Do Not Email Registry in any form would not have any beneficial impact on the spam problem. It is clear, based on spammers’ abilities to exploit the structure of the email system, that the development of a practical and effective means of authentication is a necessary tool to fight spam. Note that, in spite of DMARC, we still do not have per-user authentication. More importantly, IMO, mechanisms like this really only apply to legitimate businesses that might be a bit too aggressive. While it is possible it would mitigate some of their aggression, the bigger problem, IMO, are the folk who operate in a criminal style, ignoring rules. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
So are we making our own list? This happening? I just use this right now: https://www.stopforumspam.com/downloads On 2022-05-17 18:40, Anne Mitchell via mailop wrote: For those who didn't know, you may find this infuria...interesting. Did you know that CAN-SPAM mandated that the FTC look at creating a Do Not Email list and report their findings within 6 months of CAN-SPAM being enacted? That report was created and delivered, and it is 60 pages of "why we can't do that", culminating in "the Commission concludes that, under present conditions, a National Do Not Email Registry in any form would not have any beneficial impact on the spam problem. It is clear, based on spammers’ abilities to exploit the structure of the email system, that the development of a practical and effective means of authentication is a necessary tool to fight spam. Therefore, the Commission encourages the private market to develop an authentication standard. Authentication is not only required to make a Registry effective, but may even substantially address the underlying problem that prompted Congress to consider the establishment of a Registry." You can read all 60 pages here: https://www.ftc.gov/sites/default/files/documents/reports/can-spam-act-2003-national-do-not-email-registy-federal-trade-commission-report-congress/report.pdf ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List
Ah, the Good Old Days(tm). I seem to recall a list of "reasons your anti-spam proposal won't work" someone would post every time someone came up with a new way to fight spam that included things like "It requires spammers to change their behavior" and "it involves a central authority or agency to approve emails" and stuff like that. Seems relevant given the way SMTP is structured, and the FTC was right to say "not going to happen" in this report. Sadly my search-fu wasn't strong enough to find that original list anywhere. On Tue, May 17, 2022 at 4:47 PM Anne Mitchell via mailop wrote: > For those who didn't know, you may find this infuria...interesting. Did > you know that CAN-SPAM mandated that the FTC look at creating a Do Not > Email list and report their findings within 6 months of CAN-SPAM being > enacted? That report was created and delivered, and it is 60 pages of "why > we can't do that", culminating in "the Commission concludes that, under > present conditions, a National Do Not Email Registry in any form would not > have any beneficial impact on the spam problem. It is clear, based on > spammers’ abilities to exploit the structure of the email system, that the > development of a practical and effective means of authentication is a > necessary tool to fight spam. Therefore, the Commission encourages the > private market to develop an authentication standard. Authentication is not > only required to make a Registry effective, but may even substantially > address the underlying problem that prompted Congress to consider the > establishment of a Registry." > > You can read all 60 pages here: > > > https://www.ftc.gov/sites/default/files/documents/reports/can-spam-act-2003-national-do-not-email-registy-federal-trade-commission-report-congress/report.pdf > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
